"I'm interested in all kinds of astronomy."
[oss-sec] AMD Microcode Signature Verification Vulnerability

https://seclists.org/oss-sec/2025/q1/45

"It looks like an OEM leaked the patch for a major upcoming CPU vulnerability"

[RSS] Why doesn't the Windows blue screen of death prominently identify the company that created the driver that crashed?

https://devblogs.microsoft.com/oldnewthing/20250121-00/?p=110788

Well that's a first. @ScepticCtf, @diff_fusion, & @SeTcbPrivilege of fuzzware.io used a power drill to gain access to a port and exploit the Autel MaxiCharger. They head off to explain their work - except for the drill - we understand that part.


Just upped my donation to my server (if you're on infosec.exchange, here's where to donate, straight from the llama's mouth: https://infosec.exchange/@jerry/109581969726975197 ).

If you're on some other server, find out who runs it, find out if they need financial support to help run it, and donate some money if you can. Servers don't grow on trees. Etc.


Struggling to reverse Rust binaries? Cindy Xiao @cdxiao breaks down the Rust type system and shares practical techniques to reconstruct Rust structures. Learn how to tackle Rust malware & analyze binaries like a pro.


PSA FOR AUTHORS: some dipshit put a pirate edition of my latest book on Apple Books with a "50% OFF" medallion on the cover illo. They used an obscure unicode glyph in the author name so that searches for "Charles Stross" find it but the bookstore won't merge it.

Where there's one there'll be others!

My publisher's piracy team is handling it.

If you have a book that came out this year, beware! It's a relative of the IDN homograph attack only targeting ebook stores:

https://en.wikipedia.org/wiki/IDN_homograph_attack


CALLING ALL MUSICIANS!

Our jury for Best Soundtrack could urgently use one or two more jurors - are you able to help out?
We reactivated our application form just for you! Thank you humbly, everyone!

https://2025.meteoriks.org/taking_part/juror/


Trammell Hudson

It looks like oil paintings on wikipedia are being infected by phone camera software that automatically "fixes" skin textures.


HPE has confirmed it's investigating a data breach after a well-known hacker claimed to have stolen sensitive information from the company https://techcrunch.com/2025/01/21/hpe-investigating-security-breach-after-hacker-claims-theft-of-sensitive-data/

Why on Earth would you choose Ctrl-Break as a hotkey for anything in 2025?!

JetBrains security advisory: TeamCity 2024.12.1 Bug Fix Is Now Available
It's time for security theater as JetBrains announces a TeamCity update but refuses to tell us what vulnerabilities actually got fixed. 🤡 There are no release notes for 2024.12.1 at the time of this toot.
There is no dropdown option for TeamCity 2024.12.1 in Fixed security issues page. A CVE of "TeamCity" doesn't show any new CVEs since December 2024. On average, they update their security bulletin with CVEs 4-30 days after announcing security updates.


David Chisnall (*Now with 50% more sarcasm!*)

Any editors around who can help? We are trying to get the article on #CHERI added. It's so far been rejected three times:

First, it did not have enough independent citations. We added a lot to news articles about CHERI.

Second, it was insufficiently detailed and lacking context. We added a timeline of development, a load of cross references, and a simple introduction.

It was then rejected again because it lacks an explanation that a 15-year-old could understand. This is true of 90% of science-related articles on Wikipedia, so I'm not sure how we fix it. An explanation at that level is something I can write (I have done for the book!) but it would then make the page 3-4 times as long and not suitable for an encyclopaedia (I've previously seen pages rejected because Wikipedia is not the right place for tutorials).

I don't understand the standards for Wikipedia and I really need some guidance for how to resolve and progress this.


In our new blog post we take a little journey from an IBM advisory to confirming a hardening in Windows 11 24H2:

Vulnerability Archeology: Stealing Passwords with IBM i Access Client Solutions

https://blog.silentsignal.eu/2025/01/21/ibm-acs-password-dump/

[RSS] Reverse Engineering Call Of Duty Anti-Cheat

https://ssno.cc/posts/reversing-tac-1-4-2025/

Gurk 0.6.1 is here: The Signal Messenger client for the terminal code in

We’re excited to announce the latest update to Gurk.

This version brings improved performance and bug fixes to make your terminal messaging experience even better.

Update now and stay connected from the terminal!

$ doas pkg_add gurk

Artwork by @Banshee


Together, for a Europe united against hatred.

Today, a revised Code of conduct on countering illegal hate speech online is being integrated into the framework of the Digital Services Act.

The new Code will strengthen how online platforms deal with content that EU and national laws define as illegal hate speech.

It will also facilitate compliance with and the effective enforcement of the DSA regarding risks of disseminating illegal content on their services.

ℹ️ https://europa.eu/!cmmGdj
